Legality of Automated Outreach for SEO
Today on Twitter I had a series of interesting conversations about the legality of outreach, automated prospecting and bulk email harvesting. What I found the most interesting was the widely diverse and opposing views on the legality of link building tactics. I found this a bit concerning.
Disclaimer: Before I continue, the standard disclaimer that I’m not a lawyer. I didn’t talk to a lawyer and I’m in no way qualified to give legal advice. I’m just sharing what I’ve read.
The other disclaimer: I’m not criticizing any particular link building tactics. I support methodologies that allow link building to be more effective. However, I think it’s worth knowing the legalities behind these methodologies so that independent SEOs, agencies, in-house and companies who hire agencies are protected. This isn’t an anti-spam post, it’s an anti-going-to-jail-and-being-charged-fines-I-don’t-want-to-pay post.
General definition of spam: Sending email that is unsolicited and sent in bulk.
Legalities of Email Spam
The legalities of email spam are outlined in the CAN-SPAM Act. I won’t repeat it all here, but you should go read.
Additional notes to not ignore:
- You must honor opt-out requests – I’m not sure how this works for a 3rd party agency who uses shared contacts for multiple client’s sites. If someone requests for you to no longer email, I’m not sure if this applies to the agency, the company or both.
- All parties are responsible – You can’t contract away your liability. If your agency spams on your behalf, your company may still be held liable.
Is Harvesting Legal?
Harvesting emails is the act of using automated methods to capture email addresses in mass, usually for use in bulk emails.
The exact legality of harvesting seems unclear, but it is not fully legal. In fact, harvesting makes spamming an aggravated violation.
Under the CAN-SPAM Act, one who initiates the transmission of an email message that violates the Act may be subject to triple damages if the violative email is sent to an email address that he or she knows was harvested. 15 U.S.C. §§ 7706(f)(3)(C) and (g)(3)(C). – Source: ftc.gov
Since I’m not an email expert, I went looking for people who are and found this post on ExactTarget about email harvesting and found this passage (emphasis mine).
According to the folks at Project Honey Pot, harvesting is illegal under CAN-SPAM. ”The law defines every message sent to a harvested address as “spam” and imposes potential liability on the sender. This is regardless of whether the sender complies with the law’s other requirements. In other words, including an opt-out link and following the Act’s notice regulations is not enough to spare bulk mailers sending to harvested addresses from liability.”
The post goes on to state (emphasis mine):
Not everybody agrees that this interpretation of how harvesting is handled under CAN-SPAM is correct.
Looking at the wording on the FTC compliance guide, it may be that harvesting is not illegal, but if you use the output of that harvest to engage in email practices that violate the CAN-SPAM act, that you’re increasing your violation. This could result in heavier fines and imprisonment.
Looking at what other potential experts might have to say, I checked out Quora, where lawyer Glenn Manishin left this comment (emphasis mine).
Both, if what you refer to is harvesting itself. I do not recall there is a statutory or FTC prohibition on “soliciting” harvested email addresses or address lists; the law makes harvesting, or emailing to harvested addressees, unlawful.
So it looks like there is no 100% agreement if it’s illegal or simply an increased violation of another illegal act.
What to Do
- If you use harvesting, automated methods and bulk emailing you might consider legal counsel to make sure you’re in compliance with the law.
- Create policies and methodologies that completely avoid crossing into the potential vague area of this law.
- If you’re using a 3rd party agency, it’s worth asking them about #1 and #2.
Russ Jones, CTO of Virante, stated on Twitter today that this is how his company safeguards against a potential violation:
“We follow a strict 1 email at a time, real person sends the email policy. Never send bulk.”
This is the same method I use when doing outreach. I’ll use tools, templates, hacks and apps to improve my efficiency, but at the end of the day I’m viewing every contact page and pressing send on every email that goes out.
If you have any thoughts or experience on the legality of email harvesting, I’d love to hear them in the comments below.
4 Comments
Leave a Comment
© 2012 Justin
Any unsolicited commercial message is a spam and you can be prosecuted. However this is not applicable in US. In fact US is the only country which legalises email spam via ‘Can Spam’ act which gives the right to spam provided you follow certain guidelines. So as long as you follow these guidelines you are safe.
In regards to link building many link builders mask their or their company real identity while sending out an email. This is the violation of can spam act and you can be prosecuted. So for example if you send me a link request via an email which doesn’t reveal your real identity like you are using a gmail account or using a username which is not your real name then technically i can sue you. However this rarely happens in real life. People are going to sue you only when you spam them like hell and offcourse your email doesn’t follow the can spam act guidelines like opting out. I wrote a post on this topic. You can read it via the website URL.
Hey,
I’m not sure about the legalities in the US, however I believe that in the UK it depends on how the email address was harvested.
For example, if you’re talking about using email addresses you’ve found on ‘contact’ or ‘about’ pages on given websites, then my understanding is that in publishing their email addresses publicly these people are giving you permission to email them.
Where you may run into trouble is if you say buy a list of email addresses from an unscrupulous individual who doesn’t actually have permission to sell these individual’s details.
NB I’m not a lawyer
Hi,
Spammers have definitely made life more difficult for legit businesses.
Just a quick remark on Hannah’s post (and, no, I’m not a lawyer though I have legal experience).
We do have similar legislation here in Australia relating to acquiring and using a work-related email address that is published on a website. In that situation, you can invoke “inferred consent”.
However, if there is a statement of some kind on the website specifically asking that unsolicited messages not be sent to that address, you cannot infer consent and that’s that.
There are further conditions to be observed if a commercial message is transmitted via email under the inferred consent rule but that’s for another time.
Cheers,
Joshua
Hey Justin,
Here’s the actual language in the statute:
the Sentencing Commission shall consider providing sentencing enhancements for –
(A) those convicted under section 1037 of title 18 who –
(i) obtained electronic mail addresses through improper
means, including –
(I) harvesting electronic mail addresses of the users of
a website, proprietary service, or other online public
forum operated by another person, without the authorization of such person; and
(II) randomly generating electronic mail addresses by
computer;
Section section 1037 of title 18 is all about rules for sending, not harvesting.
So, as it’s been explained to me, this basically means “there are sentencing guidelines for violations of the CAN-SPAM act, and if you use email harvesting to get the addresses, you’re going to be doubly-screwed when it comes time for sentencing.”
Links to the actual legislation and policy guidelines:
http://uscode.house.gov/download/pls/15C103.txt – the actual statute. The relevant sections are 7703.b.2.A.i and 7703.b.1
http://www.law.cornell.edu/uscode/usc_sec_18_00001037—-000-.html – the sentencing guidelines…the summary – it’s a felony and you can go to jail for a long time.
One other note – While I know it’s not the topic of your post, I think it’s worth mentioning that there are practical advantages to not going the spam route. Yeah, you can grab a huge list and spam the s*** out of it, but your results will suck and your brand will suffer. Taking the time to make sure you’re sending relevant pitches to the right people will significantly impact performance (and has the added benefit of allowing you to sleep well
.
Paul